eclipse-equinox / equinox


[Mac Sonoma] "WARNING: Secure coding is not enabled for restorable state" warning message #630

Open Phillipus opened 4 months ago

Phillipus commented 4 months ago

The issue

When running Eclipse or an RCP app on macOS Sonoma a warning message is written to the console:

eclipse[4647:170325] WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.

I've Googled this and it seems that this could lead to a vulnerability and needs to be addressed. For example see here:

https://stackoverflow.com/questions/77283578/sonoma-and-nsapplicationdelegate-applicationsupportssecurerestorablestate?rq=2

To Reproduce

The only way to see this warning message is to run Eclipse on Mac Sonoma from the command line so the message is written to the console in the Terminal app:

  1. Open the Mac Terminal app and run the following command: Eclipse.app/Contents/MacOS/eclipse
  2. The warning message is written to the terminal window

Expected behavior

The warning message should not appear.

Environment:

macOS Sonoma 14.5, MacBook M2 aarch64, Temurin JDK 17.0.11+9, Eclipse 4.31 and latest 4.32 I builds

Phillipus commented 4 months ago

The warning message first appears at this point:

https://github.com/eclipse-equinox/equinox/blob/c4be7f2d1bfab28d171e7ead3a95632a924505cf/bundles/org.eclipse.equinox.launcher/src/org/eclipse/equinox/launcher/Main.java#L2175

And so, if it is possible to implement this, it will be in the native JNI code here:

https://github.com/eclipse-equinox/equinox/tree/master/features/org.eclipse.equinox.executable.feature/library/cocoa

Where is the main NSApplication and NSApplicationDelegate created? Is it here? And, if so, can applicationSupportsSecureRestorableState be implemented to return true?

Phillipus commented 4 months ago

I first reported this issue in the SWT issue tracker, and then closed that one and opened it here because the warning message was appearing at the bridge.showSplash point. But after debugging with the -noSplash option the warning message now appears immediately after this line in WorkbenchAdvisor:

https://github.com/eclipse-platform/eclipse.platform.ui/blob/deb75d4e977d767d3c5249e8a953fd2ef986baab/bundles/org.eclipse.ui.workbench/Eclipse%20UI/org/eclipse/ui/application/WorkbenchAdvisor.java#L768

So I'm not sure whether to continue to trace this to SWT or Equinox. Or maybe both? Need to find out where the NSApplication and NSApplicationDelegate are created.

@HannesWell @HeikoKlare WDYT?

mdaloia commented 4 months ago

This JDK issue could be related: https://bugs.openjdk.org/browse/JDK-8318854

Phillipus commented 4 months ago

> This JDK issue could be related: https://bugs.openjdk.org/browse/JDK-8318854

Yes, thanks for the link. They've implemented applicationSupportsSecureRestorableState in their NSApplicationDelegate for AWT.

I've been trying to figure out how to do the same in SWT. So far I've found some clues in the Display class with no success at a solution:

https://github.com/eclipse-platform/eclipse.platform.swt/blob/d3df7965e5c37d6514182929022e2d82139b919a/bundles/org.eclipse.swt/Eclipse%20SWT/cocoa/org/eclipse/swt/widgets/Display.java#L1035-L1056

I can add an applicationSupportsSecureRestorableState method and selector but don't know where it can be implemented to return a boolean.
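
A sketch of the two places such a method can live, added here as an illustration and not taken from SWT, Equinox or the JDK change: a delegate that declares the method in its own source, and a delegate class that only exists at runtime and gets the method attached through the Objective-C runtime. `ExampleAppDelegate`, `HypotheticalLegacyDelegate`, `supportsSecureRestorableState` and `ensureSecureRestorableState` are hypothetical names.

```objc
// Added example; assumed build line:
//   clang -fobjc-arc -framework Cocoa secure_state.m -o secure_state
#import <Cocoa/Cocoa.h>
#import <objc/runtime.h>

// Static case: a delegate whose source you own implements the method directly.
@interface ExampleAppDelegate : NSObject <NSApplicationDelegate>
@end

@implementation ExampleAppDelegate
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app {
    return YES;  // opt in to secure coding for restorable state
}
@end

// Dynamic case: a plain C function used as the method body (IMP).
static BOOL supportsSecureRestorableState(id self, SEL _cmd, NSApplication *app) {
    return YES;
}

// Attach the method to cls unless it already has one.
// Returns YES when instances of cls answer the selector afterwards.
static BOOL ensureSecureRestorableState(Class cls) {
    SEL sel = @selector(applicationSupportsSecureRestorableState:);
    if (![cls instancesRespondToSelector:sel]) {
        // Type encoding: BOOL return value, id self, SEL _cmd, one object argument.
        char types[16];
        snprintf(types, sizeof types, "%s@:@", @encode(BOOL));
        class_addMethod(cls, sel, (IMP)supportsSecureRestorableState, types);
    }
    return [cls instancesRespondToSelector:sel];
}

int main(void) {
    @autoreleasepool {
        // Stand-in for a delegate class that is assembled at runtime.
        Class legacy = objc_allocateClassPair([NSObject class],
                                              "HypotheticalLegacyDelegate", 0);
        objc_registerClassPair(legacy);
        BOOL added = ensureSecureRestorableState(legacy);

        NSApplication *app = [NSApplication sharedApplication];
        id delegate = [[legacy alloc] init];
        app.delegate = delegate;  // NSApplication does not retain its delegate
        BOOL optedIn = added && [delegate applicationSupportsSecureRestorableState:app];
        NSLog(@"delegate opts in to secure restorable state: %d", optedIn);
    }
    return 0;
}
```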

HannesWell commented 4 months ago

> So I'm not sure whether to continue to trace this to SWT or Equinox. Or maybe both? Need to find out where the NSApplication and NSApplicationDelegate are created.
>
> @HannesWell @HeikoKlare WDYT?

I'm sorry, but I can't help much on this: I have only little knowledge about the C code itself and zero knowledge about the Mac API. Maybe @sravanlakkimsetti or @lshanmug can help?

HeikoKlare commented 4 months ago

> > So I'm not sure whether to continue to trace this to SWT or Equinox. Or maybe both? Need to find out where the NSApplication and NSApplicationDelegate are created. @HannesWell @HeikoKlare WDYT?
>
> I'm sorry, but I can't help much on this: I have only little knowledge about the C code itself and zero knowledge about the Mac API. Maybe @sravanlakkimsetti or @lshanmug can help?

I am sorry, but unfortunately the same holds for me. I use a Mac only for validation purposes and for migrating changes I make for one OS (in particular Windows) to the others, but I have no knowledge about the system's APIs, the native SWT code etc.

Just from what I have seen so far, I would expect that SWT code is responsible for NSApplication and NSApplicationDelegate, but that's only a guess.

Phillipus commented 4 months ago

It turns out that this warning message is triggered in two places - SWT and Equinox. Both use an NSApplication and so both need to implement applicationSupportsSecureRestorableState in the delegate.

I've fixed the SWT case here but I can't fix the issue in the JNI code. I think this file needs to change.

Phillipus commented 4 months ago

PR - https://github.com/eclipse-equinox/equinox/pull/632